A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.
History

Wed, 11 Dec 2024 00:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:code-projects:admin_dashboard:1.0:*:*:*:*:*:*:*

Mon, 09 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects admin Dashboard
CPEs cpe:2.3:a:code-projects:admin_dashboard:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects admin Dashboard
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Dec 2024 05:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.
Title code-projects Admin Dashboard vendor_management.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-09T05:00:13.606Z

Updated: 2024-12-09T19:52:55.986Z

Reserved: 2024-12-08T20:43:56.603Z

Link: CVE-2024-12359

cve-icon Vulnrichment

Updated: 2024-12-09T19:52:50.730Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-09T05:15:07.630

Modified: 2024-12-10T23:34:02.110

Link: CVE-2024-12359

cve-icon Redhat

No data.